Reducing the Threat Surface

Customer Challenge

As the volume and frequency of cyber attacks grow, traditional tools face the ever-expanding burden of dealing with the volume and sophistication of both known and unknown threats.

Security Operations teams are dealing with an ever-growing set of challenges. There are everyday security events to process, and there is the drive to search for the latest advanced threat that has not yet been discovered. Both of these tasks require manpower and time. Threat Intelligence is able to solve this issue: it is capable of providing insight into a large volume and many categories of threats. Organizations must apply this intelligence (both internal and external) to reduce the threat surface.

Large-scale intelligence is highly dynamic, as individual Indicators of Attack (IOAs) may be relevant for only a short time. It's critical to get these indicators into action quickly, and out of action once they are no longer a valid threat.

Finally, in dealing with large-scale dynamic intelligence sets, organizations need a plan to handle the MILLIONS of Indicators available at a given time without reducing the performance of their network or increasing the complexity of the deployment. High-end NGFWs only support 10-40K rules, so leveraging these devices for Threat Intelligence only allows for smaller, more focused policies.

QuickThreat Gateway handles 125x more indicators than the most powerful NGFW available

End User Concerns

"30% of our email system performance is wasted simply rejecting mail from known malicious sources."

Regional Bank

"It takes months to fully identify and eliminate a threat in our network even when all our existing tools tell us about it."

National Retailer

"Our systems are constantly being re-evaluated to meet the growing scale of today's threats."

Internet Service Provider

“Through 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year.”

– State of the Threat Environment 2016, Greg Young

Centripetal Use Case

Threat Intelligence provides the identification of known-bad network activity, infrastructure, and malicious actors. Implementing this intelligence as a security strategy reduces the attack surface and extends the capabilities of existing security tools.

Threat Intelligence provides a significant advantage for categorizing and prioritizing network security events. Large volumes of highly dynamic intelligence have the opportunity to significantly reduce the number of network security events end users are dealing with.

By applying GEO-based policies that are low-risk to the business, organizations often eliminate as much as 30% of malicious network traffic from the network. Eliminating this network traffic at the Gateway reduces the need for downstream devices to process it, speeding up performance and extending the life of those investments. Additionally, security teams are given more time to focus on the remaining threats in their environment.

Once organizations have a handle on the effects of blocking this traffic at the Gateway and reducing these threats in their networks, they continue to tighten controls. Using large-scale policies to dynamically track items like scanners, Command and Control infrastructure, and unauthorized Remote Access tools, organizations further reduce risk, and higher-risk, advanced threats rise to the surface.

In this example, QuickThreat has reduced the volume of malicious traffic from known threats by half, raising the visibility of the Advanced Persistent Threats and Nation-State events. QuickThreat can also further reduce threats by expanding the policy to include more trusted intelligence sources.

Protect your network using Threat Intelligence

Step 1: Assessing the Threat Surface using Threat Intelligence

Step 2: Reducing the Threat Surface using GEO Blocks

Step 3: Further Reducing the Threat Surface with intelligence policies

Business Outcomes

Close the Protection Gap

Intelligence is most effective when delivered in a timely manner, enabling rapid response to reduce risk. Machine-to-Machine transfer takes a process from hours to seconds, and operates around the clock.

Measurable Success

Having instant access to the outcomes and activities related to threat intelligence provides the tools teams need to measure their success. Internal security teams' efforts are highlighted, and subscriptions can be evaluated based on outcomes.

Reduce Costs

Cost savings can be demonstrated in multiple forms: time savings through automation, reduction in incident response and breach resolution costs, and demonstration of value from intelligence teams and threat intelligence subscriptions.